package com.coke.spring.oauth.server.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;

/**
 * @author cwm
 * @Description 授权服务器
 * @date 2021/9/8 下午3:40
 * @Version 1.0
 */
@Configuration
@EnableAuthorizationServer
public class CokeAuthorizationServerconfig implements AuthorizationServerConfigurer {
    @Autowired
    private AuthenticationManager authenticationManager;
    @Autowired
    private PasswordEncoder passwordEncoder;
    /**
     *表示的资源服务器 校验token的时候需要干什么(这里表示需要带入自己appid,和app secret)来进行验证
     * @param authorizationServerSecurityConfigurer
     * @throws Exception
     */
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        authorizationServerSecurityConfigurer.checkTokenAccess("");
    }

    /**
     * 作为授权服务器,必须知道有哪些第三方app 来向我们授权服务器
     *  索取令牌,所以这个方法就是配置 哪些第三方app可以来获取我们的令牌的.
     * @param clientDetailsServiceConfigurer
     * @throws Exception
     */
    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        clientDetailsServiceConfigurer.inMemory()
                .withClient("portal_app")
                .secret(passwordEncoder.encode("portal_app"))
                .authorizedGrantTypes("password","authorization_code")
                .scopes("read")
                .accessTokenValiditySeconds(3600)
                .resourceIds("order-service","product-service")
                .redirectUris("http://www.baidu.com")
                .and()
                .withClient("order_app")
                .secret(passwordEncoder.encode("smlz"))
                .accessTokenValiditySeconds(1800)
                .scopes("read")
                .authorizedGrantTypes("password")
                .resourceIds("order-service")
                .and()
                .withClient("product_app")
                .secret(passwordEncoder.encode("smlz"))
                .accessTokenValiditySeconds(1800)
                .scopes("read")
                .authorizedGrantTypes("password")
                .resourceIds("product-service");
    }

    /**
     * 认证服务器 需要知道 是哪个用户来访问资源服务器，所以该方法是用来
     * @param authorizationServerEndpointsConfigurer
     * @throws Exception
     */
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        authorizationServerEndpointsConfigurer.authenticationManager(authenticationManager);
    }
}
